AFFIXIO
Cryptographic evidence, not application logs
Regulators ask what authorised a decision. Application logs answer with narratives that can be edited. AffixIO appends every YES and NO to a Merkle tree with inclusion proofs you can verify independently. Check entries with the Merkle verifier, read the Trust Center, or review the changelog for audit schema updates.
At a glance
- Product
- Merkle audit for verify decisions
- Model
- Proof-not-log instead of mutable application logs
- Tree data
- Digest, event type, timestamp, verdict only
- Verification
- Independent inclusion proofs for auditors
- Tool
- Browser Merkle verifier at /tools/merkle-verifier
- Retention
- No PII in audit tree by default
The gap
Compliance teams grep logs and hope
Access control, age gates, and payment authorisations generate thousands of decisions daily. Most organisations store them in application logs with retention policies, admin access, and no integrity guarantee.
When the ICO, FCA, or an internal auditor asks for evidence, teams export CSV files and explain what the logs mean.
Proof-not-log audit replaces that narrative with a Merkle commitment that breaks if anyone tampers with a row.
Architecture
Application logs vs Merkle audit
- ✕ Entries editable by admins with sufficient access
- ✕ Retention gaps when logs rotate
- ✕ Auditor must trust the logging system
- ✕ No standard format across services
- ✕ PII often mixed into log payloads
- ✓ Tamper-evident root hash
- ✓ Inclusion proof per decision
- ✓ Independent verification via Merkle tool
- ✓ Consistent schema across all circuits
- ✓ Digest only, no standing PII
Capabilities
What the audit tree records
Proof fingerprint
SHA-256 hash of the verified proof. Links audit row to the original decision.
Circuit event type
ticket_verify, age_gate, agent_authorise, and other circuit-specific labels.
YES or NO
Binary outcome stored with the row. No ambiguity in compliance exports.
Merkle proof
Path from leaf to root. Verifiable without access to the full tree.
Periodic anchor
Root hash publishable to external timestamp services for long-term integrity.
Regulator pack
Batch export of inclusion proofs for audit periods. No raw log dump required.
Integration
Four steps to proof-not-log audit
Verify at boundary
Every circuit verify call returns YES or NO plus a proof digest.
Append to tree
Digest, event type, and verdict append as a Merkle leaf automatically.
Verify inclusion
Use the Merkle verifier to confirm any row existed at a given root.
Export for audit
Provide inclusion proofs to regulators. No application log access required.
Where it applies
Audit scenarios
Financial services
FCA-ready evidence for payment authorisation decisions without log archaeology.
Online Safety
Age gate audit trail for Ofcom compliance reviews.
Event venues
Admission counts reconciled against Merkle consume events post-match.
Healthcare
Eligibility decisions with tamper-evident proof, not EMR access logs.
Government
Programme access decisions exportable for parliamentary audit.
AI agents
Agent authorisation gates with Merkle evidence for each tool call boundary.
Proof-not-log for Article 12 and beyond
EU AI Act Article 12 requires high-risk AI systems to support automatic logging that is tamper-evident. Application logs alone fail that bar: administrators can edit rows, clocks drift, and retention policies vary by team. Merkle audit trees over signed decision digests give regulators something they can replay independently.
AffixIO records allow or deny outcomes, not prompt content or end-user PII by default. Each verify appends a hash-linked entry. Inclusion proofs export without granting database access to auditors.
When SIEM is not enough
SIEM aggregates events for SOC workflows. It does not prove a specific policy decision was authentic at issuance time. Pair SIEM for operations with proof-not-log for defensible audit. See compare: proof-not-log vs SIEM.
Readiness workflow
Run the Article 12 readiness checker, map logging obligations in the buyer guide, then reproduce Merkle export in the sandbox. Reviewed 12 July 2026.
Frequently asked questions
What is proof-not-log audit?
Every AffixIO verify decision appends a digest to a Merkle tree. Auditors verify inclusion cryptographically instead of trusting editable application logs.
Can regulators verify audit entries independently?
Yes. Export the Merkle root and inclusion proof. The Merkle verifier confirms the entry without access to your systems.
What data is stored in the audit tree?
Proof digest, event type, timestamp, and YES or NO verdict. Personal data stays out of the tree by default.
How does this differ from SIEM logging?
SIEM logs record what an application claims happened. Merkle audit records a cryptographic commitment that cannot be altered without breaking the root hash.
Verify your first audit entry
Run a circuit verify in the sandbox, then confirm Merkle inclusion with the verifier tool. Trust documentation in the Trust Center.